[PM-14252] Switch to oo7 and drop libsecret

apps/desktop/desktop_native/core/Cargo.toml

@@ -15,8 +15,6 @@ sys = [
   "dep:core-foundation",
   "dep:security-framework",
   "dep:security-framework-sys",
-  "dep:gio",
-  "dep:libsecret",
   "dep:zbus",
   "dep:zbus_polkit",
 ]
@@ -84,7 +82,7 @@ security-framework = { version = "=3.0.0", optional = true }
 security-framework-sys = { version = "=2.12.0", optional = true }
 
 [target.'cfg(target_os = "linux")'.dependencies]
-gio = { version = "=0.19.5", optional = true }
-libsecret = { version = "=0.5.0", optional = true }
+oo7 = "0.3.3"
+
 zbus = { version = "=4.4.0", optional = true }
 zbus_polkit = { version = "=4.0.0", optional = true }

apps/desktop/desktop_native/core/src/biometric/macos.rs

@@ -18,15 +18,15 @@ impl super::BiometricTrait for Biometric {
         bail!("platform not supported");
     }
 
-    fn get_biometric_secret(
+    async fn get_biometric_secret(
         _service: &str,
         _account: &str,
         _key_material: Option<KeyMaterial>,
     ) -> Result<String> {
         bail!("platform not supported");
     }
 
-    fn set_biometric_secret(
+    async fn set_biometric_secret(
         _service: &str,
         _account: &str,
         _secret: &str,

apps/desktop/desktop_native/core/src/biometric/mod.rs

@@ -28,14 +28,16 @@ pub trait BiometricTrait {
     #[allow(async_fn_in_trait)]
     async fn available() -> Result<bool>;
     fn derive_key_material(secret: Option<&str>) -> Result<OsDerivedKey>;
-    fn set_biometric_secret(
+    #[allow(async_fn_in_trait)]
+    async fn set_biometric_secret(
         service: &str,
         account: &str,
         secret: &str,
         key_material: Option<KeyMaterial>,
         iv_b64: &str,
     ) -> Result<String>;
-    fn get_biometric_secret(
+    #[allow(async_fn_in_trait)]
+    async fn get_biometric_secret(
         service: &str,
         account: &str,
         key_material: Option<KeyMaterial>,

apps/desktop/desktop_native/core/src/biometric/unix.rs

@@ -73,7 +73,7 @@ impl super::BiometricTrait for Biometric {
         Ok(OsDerivedKey { key_b64, iv_b64 })
     }
 
-    fn set_biometric_secret(
+    async fn set_biometric_secret(
         service: &str,
         account: &str,
         secret: &str,
@@ -85,11 +85,11 @@ impl super::BiometricTrait for Biometric {
         ))?;
 
         let encrypted_secret = encrypt(secret, &key_material, iv_b64)?;
-        crate::password::set_password(service, account, &encrypted_secret)?;
+        crate::password::set_password(service, account, &encrypted_secret).await?;
         Ok(encrypted_secret)
     }
 
-    fn get_biometric_secret(
+    async fn get_biometric_secret(
         service: &str,
         account: &str,
         key_material: Option<KeyMaterial>,
@@ -98,7 +98,7 @@ impl super::BiometricTrait for Biometric {
             "Key material is required for polkit protected keys"
         ))?;
 
-        let encrypted_secret = crate::password::get_password(service, account)?;
+        let encrypted_secret = crate::password::get_password(service, account).await?;
         let secret = CipherString::from_str(&encrypted_secret)?;
         return Ok(decrypt(&secret, &key_material)?);
     }

apps/desktop/desktop_native/core/src/biometric/windows.rs

@@ -119,7 +119,7 @@ impl super::BiometricTrait for Biometric {
         Ok(OsDerivedKey { key_b64, iv_b64 })
     }
 
-    fn set_biometric_secret(
+    async fn set_biometric_secret(
         service: &str,
         account: &str,
         secret: &str,
@@ -131,11 +131,11 @@ impl super::BiometricTrait for Biometric {
         ))?;
 
         let encrypted_secret = encrypt(secret, &key_material, iv_b64)?;
-        crate::password::set_password(service, account, &encrypted_secret)?;
+        crate::password::set_password(service, account, &encrypted_secret).await?;
         Ok(encrypted_secret)
     }
 
-    fn get_biometric_secret(
+    async fn get_biometric_secret(
         service: &str,
         account: &str,
         key_material: Option<KeyMaterial>,
@@ -144,7 +144,7 @@ impl super::BiometricTrait for Biometric {
             "Key material is required for Windows Hello protected keys"
         ))?;
 
-        let encrypted_secret = crate::password::get_password(service, account)?;
+        let encrypted_secret = crate::password::get_password(service, account).await?;
         match CipherString::from_str(&encrypted_secret) {
             Ok(secret) => {
                 // If the secret is a CipherString, it is encrypted and we need to decrypt it.
@@ -290,57 +290,55 @@ mod tests {
         assert_eq!(decrypt(&secret, &key_material).unwrap(), "secret")
     }
 
-    #[test]
-    fn get_biometric_secret_requires_key() {
-        let result = <Biometric as BiometricTrait>::get_biometric_secret("", "", None);
+    #[tokio::test]
+    async fn get_biometric_secret_requires_key() {
+        let result = <Biometric as BiometricTrait>::get_biometric_secret("", "", None).await;
         assert!(result.is_err());
         assert_eq!(
             result.unwrap_err().to_string(),
             "Key material is required for Windows Hello protected keys"
         );
     }
 
-    #[test]
-    fn get_biometric_secret_handles_unencrypted_secret() {
-        scopeguard::defer! {
-            crate::password::delete_password("test", "test").unwrap();
-        }
+    #[tokio::test]
+    async fn get_biometric_secret_handles_unencrypted_secret() {
         let test = "test";
         let secret = "password";
         let key_material = KeyMaterial {
             os_key_part_b64: "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=".to_owned(),
             client_key_part_b64: Some("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=".to_owned()),
         };
-        crate::password::set_password(test, test, secret).unwrap();
+        crate::password::set_password(test, test, secret).await.unwrap();
         let result =
             <Biometric as BiometricTrait>::get_biometric_secret(test, test, Some(key_material))
+                .await
                 .unwrap();
+        crate::password::delete_password("test", "test").await.unwrap();
         assert_eq!(result, secret);
     }
 
-    #[test]
-    fn get_biometric_secret_handles_encrypted_secret() {
-        scopeguard::defer! {
-            crate::password::delete_password("test", "test").unwrap();
-        }
+    #[tokio::test]
+    async fn get_biometric_secret_handles_encrypted_secret() {
         let test = "test";
         let secret =
             CipherString::from_str("0.l9fhDUP/wDJcKwmEzcb/3w==|uP4LcqoCCj5FxBDP77NV6Q==").unwrap(); // output from test_encrypt
         let key_material = KeyMaterial {
             os_key_part_b64: "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=".to_owned(),
             client_key_part_b64: Some("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=".to_owned()),
         };
-        crate::password::set_password(test, test, &secret.to_string()).unwrap();
+        crate::password::set_password(test, test, &secret.to_string()).await.unwrap();
 
         let result =
             <Biometric as BiometricTrait>::get_biometric_secret(test, test, Some(key_material))
+                .await
                 .unwrap();
+        crate::password::delete_password("test", "test").await.unwrap();
         assert_eq!(result, "secret");
     }
 
-    #[test]
-    fn set_biometric_secret_requires_key() {
-        let result = <Biometric as BiometricTrait>::set_biometric_secret("", "", "", None, "");
+    #[tokio::test]
+    async fn set_biometric_secret_requires_key() {
+        let result = <Biometric as BiometricTrait>::set_biometric_secret("", "", "", None, "").await;
         assert!(result.is_err());
         assert_eq!(
             result.unwrap_err().to_string(),

apps/desktop/desktop_native/core/src/password/macos.rs

@@ -3,45 +3,40 @@ use security_framework::passwords::{
     delete_generic_password, get_generic_password, set_generic_password,
 };
 
-pub fn get_password(service: &str, account: &str) -> Result<String> {
+pub async fn get_password(service: &str, account: &str) -> Result<String> {
     let result = String::from_utf8(get_generic_password(&service, &account)?)?;
     Ok(result)
 }
 
-pub fn get_password_keytar(service: &str, account: &str) -> Result<String> {
-    get_password(service, account)
-}
-
-pub fn set_password(service: &str, account: &str, password: &str) -> Result<()> {
+pub async fn set_password(service: &str, account: &str, password: &str) -> Result<()> {
     let result = set_generic_password(&service, &account, password.as_bytes())?;
     Ok(result)
 }
 
-pub fn delete_password(service: &str, account: &str) -> Result<()> {
+pub async fn delete_password(service: &str, account: &str) -> Result<()> {
     let result = delete_generic_password(&service, &account)?;
     Ok(result)
 }
 
-pub fn is_available() -> Result<bool> {
+pub async fn is_available() -> Result<bool> {
     Ok(true)
 }
 
 #[cfg(test)]
 mod tests {
     use super::*;
 
-    #[test]
-    fn test() {
-        scopeguard::defer!(delete_password("BitwardenTest", "BitwardenTest").unwrap_or({}););
-        set_password("BitwardenTest", "BitwardenTest", "Random").unwrap();
+    #[tokio::test]
+    async fn test() {
+        set_password("BitwardenTest", "BitwardenTest", "Random").await.unwrap();
         assert_eq!(
             "Random",
-            get_password("BitwardenTest", "BitwardenTest").unwrap()
+            get_password("BitwardenTest", "BitwardenTest").await.unwrap()
         );
-        delete_password("BitwardenTest", "BitwardenTest").unwrap();
+        delete_password("BitwardenTest", "BitwardenTest").await.unwrap();
 
         // Ensure password is deleted
-        match get_password("BitwardenTest", "BitwardenTest") {
+        match get_password("BitwardenTest", "BitwardenTest").await {
             Ok(_) => panic!("Got a result"),
             Err(e) => assert_eq!(
                 "The specified item could not be found in the keychain.",
@@ -50,9 +45,9 @@ mod tests {
         }
     }
 
-    #[test]
-    fn test_error_no_password() {
-        match get_password("Unknown", "Unknown") {
+    #[tokio::test]
+    async fn test_error_no_password() {
+        match get_password("Unknown", "Unknown").await {
             Ok(_) => panic!("Got a result"),
             Err(e) => assert_eq!(
                 "The specified item could not be found in the keychain.",